Contents of /trunk/kernel-alx/patches-4.9/0156-4.9.57-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3041 -
(show annotations)
(download)
Wed Dec 20 11:49:03 2017 UTC (6 years, 4 months ago) by niro
File size: 45967 byte(s)
Wed Dec 20 11:49:03 2017 UTC (6 years, 4 months ago) by niro
File size: 45967 byte(s)
-linux-4.9.57
| 1 | diff --git a/Makefile b/Makefile |
| 2 | index feab5f5a507c..d5a2ab9b3291 100644 |
| 3 | --- a/Makefile |
| 4 | +++ b/Makefile |
| 5 | @@ -1,6 +1,6 @@ |
| 6 | VERSION = 4 |
| 7 | PATCHLEVEL = 9 |
| 8 | -SUBLEVEL = 56 |
| 9 | +SUBLEVEL = 57 |
| 10 | EXTRAVERSION = |
| 11 | NAME = Roaring Lionus |
| 12 | |
| 13 | diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c |
| 14 | index e9385bcd9723..9ade60ca08e0 100644 |
| 15 | --- a/arch/mips/math-emu/cp1emu.c |
| 16 | +++ b/arch/mips/math-emu/cp1emu.c |
| 17 | @@ -2386,7 +2386,6 @@ static int fpu_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, |
| 18 | break; |
| 19 | default: |
| 20 | /* Reserved R6 ops */ |
| 21 | - pr_err("Reserved MIPS R6 CMP.condn.S operation\n"); |
| 22 | return SIGILL; |
| 23 | } |
| 24 | } |
| 25 | @@ -2460,7 +2459,6 @@ static int fpu_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, |
| 26 | break; |
| 27 | default: |
| 28 | /* Reserved R6 ops */ |
| 29 | - pr_err("Reserved MIPS R6 CMP.condn.D operation\n"); |
| 30 | return SIGILL; |
| 31 | } |
| 32 | } |
| 33 | diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h |
| 34 | index e7636bac7372..6c98821fef5e 100644 |
| 35 | --- a/arch/x86/include/asm/alternative-asm.h |
| 36 | +++ b/arch/x86/include/asm/alternative-asm.h |
| 37 | @@ -62,8 +62,10 @@ |
| 38 | #define new_len2 145f-144f |
| 39 | |
| 40 | /* |
| 41 | - * max without conditionals. Idea adapted from: |
| 42 | + * gas compatible max based on the idea from: |
| 43 | * http://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax |
| 44 | + * |
| 45 | + * The additional "-" is needed because gas uses a "true" value of -1. |
| 46 | */ |
| 47 | #define alt_max_short(a, b) ((a) ^ (((a) ^ (b)) & -(-((a) < (b))))) |
| 48 | |
| 49 | diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h |
| 50 | index 1b020381ab38..d4aea31eec03 100644 |
| 51 | --- a/arch/x86/include/asm/alternative.h |
| 52 | +++ b/arch/x86/include/asm/alternative.h |
| 53 | @@ -103,12 +103,12 @@ static inline int alternatives_text_reserved(void *start, void *end) |
| 54 | alt_end_marker ":\n" |
| 55 | |
| 56 | /* |
| 57 | - * max without conditionals. Idea adapted from: |
| 58 | + * gas compatible max based on the idea from: |
| 59 | * http://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax |
| 60 | * |
| 61 | - * The additional "-" is needed because gas works with s32s. |
| 62 | + * The additional "-" is needed because gas uses a "true" value of -1. |
| 63 | */ |
| 64 | -#define alt_max_short(a, b) "((" a ") ^ (((" a ") ^ (" b ")) & -(-((" a ") - (" b ")))))" |
| 65 | +#define alt_max_short(a, b) "((" a ") ^ (((" a ") ^ (" b ")) & -(-((" a ") < (" b ")))))" |
| 66 | |
| 67 | /* |
| 68 | * Pad the second replacement alternative with additional NOPs if it is |
| 69 | diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c |
| 70 | index 5f2412704b81..d29c745f10ad 100644 |
| 71 | --- a/arch/x86/kvm/mmu.c |
| 72 | +++ b/arch/x86/kvm/mmu.c |
| 73 | @@ -3648,13 +3648,6 @@ static bool sync_mmio_spte(struct kvm_vcpu *vcpu, u64 *sptep, gfn_t gfn, |
| 74 | static inline bool is_last_gpte(struct kvm_mmu *mmu, |
| 75 | unsigned level, unsigned gpte) |
| 76 | { |
| 77 | - /* |
| 78 | - * PT_PAGE_TABLE_LEVEL always terminates. The RHS has bit 7 set |
| 79 | - * iff level <= PT_PAGE_TABLE_LEVEL, which for our purpose means |
| 80 | - * level == PT_PAGE_TABLE_LEVEL; set PT_PAGE_SIZE_MASK in gpte then. |
| 81 | - */ |
| 82 | - gpte |= level - PT_PAGE_TABLE_LEVEL - 1; |
| 83 | - |
| 84 | /* |
| 85 | * The RHS has bit 7 set iff level < mmu->last_nonleaf_level. |
| 86 | * If it is clear, there are no large pages at this level, so clear |
| 87 | @@ -3662,6 +3655,13 @@ static inline bool is_last_gpte(struct kvm_mmu *mmu, |
| 88 | */ |
| 89 | gpte &= level - mmu->last_nonleaf_level; |
| 90 | |
| 91 | + /* |
| 92 | + * PT_PAGE_TABLE_LEVEL always terminates. The RHS has bit 7 set |
| 93 | + * iff level <= PT_PAGE_TABLE_LEVEL, which for our purpose means |
| 94 | + * level == PT_PAGE_TABLE_LEVEL; set PT_PAGE_SIZE_MASK in gpte then. |
| 95 | + */ |
| 96 | + gpte |= level - PT_PAGE_TABLE_LEVEL - 1; |
| 97 | + |
| 98 | return gpte & PT_PAGE_SIZE_MASK; |
| 99 | } |
| 100 | |
| 101 | @@ -4169,6 +4169,7 @@ void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, bool execonly) |
| 102 | |
| 103 | update_permission_bitmask(vcpu, context, true); |
| 104 | update_pkru_bitmask(vcpu, context, true); |
| 105 | + update_last_nonleaf_level(vcpu, context); |
| 106 | reset_rsvds_bits_mask_ept(vcpu, context, execonly); |
| 107 | reset_ept_shadow_zero_bits_mask(vcpu, context, execonly); |
| 108 | } |
| 109 | diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h |
| 110 | index a01105485315..37363900297d 100644 |
| 111 | --- a/arch/x86/kvm/paging_tmpl.h |
| 112 | +++ b/arch/x86/kvm/paging_tmpl.h |
| 113 | @@ -324,10 +324,11 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker, |
| 114 | --walker->level; |
| 115 | |
| 116 | index = PT_INDEX(addr, walker->level); |
| 117 | - |
| 118 | table_gfn = gpte_to_gfn(pte); |
| 119 | offset = index * sizeof(pt_element_t); |
| 120 | pte_gpa = gfn_to_gpa(table_gfn) + offset; |
| 121 | + |
| 122 | + BUG_ON(walker->level < 1); |
| 123 | walker->table_gfn[walker->level - 1] = table_gfn; |
| 124 | walker->pte_gpa[walker->level - 1] = pte_gpa; |
| 125 | |
| 126 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
| 127 | index fb49212d25df..a8ae57acb6f6 100644 |
| 128 | --- a/arch/x86/kvm/vmx.c |
| 129 | +++ b/arch/x86/kvm/vmx.c |
| 130 | @@ -10690,7 +10690,7 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu, |
| 131 | * (KVM doesn't change it)- no reason to call set_cr4_guest_host_mask(); |
| 132 | */ |
| 133 | vcpu->arch.cr4_guest_owned_bits = ~vmcs_readl(CR4_GUEST_HOST_MASK); |
| 134 | - kvm_set_cr4(vcpu, vmcs12->host_cr4); |
| 135 | + vmx_set_cr4(vcpu, vmcs12->host_cr4); |
| 136 | |
| 137 | nested_ept_uninit_mmu_context(vcpu); |
| 138 | |
| 139 | diff --git a/block/bio.c b/block/bio.c |
| 140 | index 655c9016052a..07f287b14cff 100644 |
| 141 | --- a/block/bio.c |
| 142 | +++ b/block/bio.c |
| 143 | @@ -1171,8 +1171,8 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
| 144 | */ |
| 145 | bmd->is_our_pages = map_data ? 0 : 1; |
| 146 | memcpy(bmd->iov, iter->iov, sizeof(struct iovec) * iter->nr_segs); |
| 147 | - iov_iter_init(&bmd->iter, iter->type, bmd->iov, |
| 148 | - iter->nr_segs, iter->count); |
| 149 | + bmd->iter = *iter; |
| 150 | + bmd->iter.iov = bmd->iov; |
| 151 | |
| 152 | ret = -ENOMEM; |
| 153 | bio = bio_kmalloc(gfp_mask, nr_pages); |
| 154 | @@ -1266,6 +1266,7 @@ struct bio *bio_map_user_iov(struct request_queue *q, |
| 155 | int ret, offset; |
| 156 | struct iov_iter i; |
| 157 | struct iovec iov; |
| 158 | + struct bio_vec *bvec; |
| 159 | |
| 160 | iov_for_each(iov, i, *iter) { |
| 161 | unsigned long uaddr = (unsigned long) iov.iov_base; |
| 162 | @@ -1310,7 +1311,12 @@ struct bio *bio_map_user_iov(struct request_queue *q, |
| 163 | ret = get_user_pages_fast(uaddr, local_nr_pages, |
| 164 | (iter->type & WRITE) != WRITE, |
| 165 | &pages[cur_page]); |
| 166 | - if (ret < local_nr_pages) { |
| 167 | + if (unlikely(ret < local_nr_pages)) { |
| 168 | + for (j = cur_page; j < page_limit; j++) { |
| 169 | + if (!pages[j]) |
| 170 | + break; |
| 171 | + put_page(pages[j]); |
| 172 | + } |
| 173 | ret = -EFAULT; |
| 174 | goto out_unmap; |
| 175 | } |
| 176 | @@ -1318,6 +1324,7 @@ struct bio *bio_map_user_iov(struct request_queue *q, |
| 177 | offset = offset_in_page(uaddr); |
| 178 | for (j = cur_page; j < page_limit; j++) { |
| 179 | unsigned int bytes = PAGE_SIZE - offset; |
| 180 | + unsigned short prev_bi_vcnt = bio->bi_vcnt; |
| 181 | |
| 182 | if (len <= 0) |
| 183 | break; |
| 184 | @@ -1332,6 +1339,13 @@ struct bio *bio_map_user_iov(struct request_queue *q, |
| 185 | bytes) |
| 186 | break; |
| 187 | |
| 188 | + /* |
| 189 | + * check if vector was merged with previous |
| 190 | + * drop page reference if needed |
| 191 | + */ |
| 192 | + if (bio->bi_vcnt == prev_bi_vcnt) |
| 193 | + put_page(pages[j]); |
| 194 | + |
| 195 | len -= bytes; |
| 196 | offset = 0; |
| 197 | } |
| 198 | @@ -1364,10 +1378,8 @@ struct bio *bio_map_user_iov(struct request_queue *q, |
| 199 | return bio; |
| 200 | |
| 201 | out_unmap: |
| 202 | - for (j = 0; j < nr_pages; j++) { |
| 203 | - if (!pages[j]) |
| 204 | - break; |
| 205 | - put_page(pages[j]); |
| 206 | + bio_for_each_segment_all(bvec, bio, j) { |
| 207 | + put_page(bvec->bv_page); |
| 208 | } |
| 209 | out: |
| 210 | kfree(pages); |
| 211 | diff --git a/crypto/shash.c b/crypto/shash.c |
| 212 | index a051541a4a17..4d8a671d1614 100644 |
| 213 | --- a/crypto/shash.c |
| 214 | +++ b/crypto/shash.c |
| 215 | @@ -274,12 +274,14 @@ static int shash_async_finup(struct ahash_request *req) |
| 216 | |
| 217 | int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc) |
| 218 | { |
| 219 | - struct scatterlist *sg = req->src; |
| 220 | - unsigned int offset = sg->offset; |
| 221 | unsigned int nbytes = req->nbytes; |
| 222 | + struct scatterlist *sg; |
| 223 | + unsigned int offset; |
| 224 | int err; |
| 225 | |
| 226 | - if (nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset)) { |
| 227 | + if (nbytes && |
| 228 | + (sg = req->src, offset = sg->offset, |
| 229 | + nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) { |
| 230 | void *data; |
| 231 | |
| 232 | data = kmap_atomic(sg_page(sg)); |
| 233 | diff --git a/drivers/base/property.c b/drivers/base/property.c |
| 234 | index 06f66687fe0b..7b313b567f4c 100644 |
| 235 | --- a/drivers/base/property.c |
| 236 | +++ b/drivers/base/property.c |
| 237 | @@ -20,6 +20,7 @@ |
| 238 | #include <linux/phy.h> |
| 239 | |
| 240 | struct property_set { |
| 241 | + struct device *dev; |
| 242 | struct fwnode_handle fwnode; |
| 243 | struct property_entry *properties; |
| 244 | }; |
| 245 | @@ -817,6 +818,7 @@ static struct property_set *pset_copy_set(const struct property_set *pset) |
| 246 | void device_remove_properties(struct device *dev) |
| 247 | { |
| 248 | struct fwnode_handle *fwnode; |
| 249 | + struct property_set *pset; |
| 250 | |
| 251 | fwnode = dev_fwnode(dev); |
| 252 | if (!fwnode) |
| 253 | @@ -826,16 +828,16 @@ void device_remove_properties(struct device *dev) |
| 254 | * the pset. If there is no real firmware node (ACPI/DT) primary |
| 255 | * will hold the pset. |
| 256 | */ |
| 257 | - if (is_pset_node(fwnode)) { |
| 258 | + pset = to_pset_node(fwnode); |
| 259 | + if (pset) { |
| 260 | set_primary_fwnode(dev, NULL); |
| 261 | - pset_free_set(to_pset_node(fwnode)); |
| 262 | } else { |
| 263 | - fwnode = fwnode->secondary; |
| 264 | - if (!IS_ERR(fwnode) && is_pset_node(fwnode)) { |
| 265 | + pset = to_pset_node(fwnode->secondary); |
| 266 | + if (pset && dev == pset->dev) |
| 267 | set_secondary_fwnode(dev, NULL); |
| 268 | - pset_free_set(to_pset_node(fwnode)); |
| 269 | - } |
| 270 | } |
| 271 | + if (pset && dev == pset->dev) |
| 272 | + pset_free_set(pset); |
| 273 | } |
| 274 | EXPORT_SYMBOL_GPL(device_remove_properties); |
| 275 | |
| 276 | @@ -863,6 +865,7 @@ int device_add_properties(struct device *dev, struct property_entry *properties) |
| 277 | |
| 278 | p->fwnode.type = FWNODE_PDATA; |
| 279 | set_secondary_fwnode(dev, &p->fwnode); |
| 280 | + p->dev = dev; |
| 281 | return 0; |
| 282 | } |
| 283 | EXPORT_SYMBOL_GPL(device_add_properties); |
| 284 | diff --git a/drivers/dma/edma.c b/drivers/dma/edma.c |
| 285 | index 77242b37ef87..57962bff7532 100644 |
| 286 | --- a/drivers/dma/edma.c |
| 287 | +++ b/drivers/dma/edma.c |
| 288 | @@ -1143,11 +1143,24 @@ static struct dma_async_tx_descriptor *edma_prep_dma_memcpy( |
| 289 | struct edma_desc *edesc; |
| 290 | struct device *dev = chan->device->dev; |
| 291 | struct edma_chan *echan = to_edma_chan(chan); |
| 292 | - unsigned int width, pset_len; |
| 293 | + unsigned int width, pset_len, array_size; |
| 294 | |
| 295 | if (unlikely(!echan || !len)) |
| 296 | return NULL; |
| 297 | |
| 298 | + /* Align the array size (acnt block) with the transfer properties */ |
| 299 | + switch (__ffs((src | dest | len))) { |
| 300 | + case 0: |
| 301 | + array_size = SZ_32K - 1; |
| 302 | + break; |
| 303 | + case 1: |
| 304 | + array_size = SZ_32K - 2; |
| 305 | + break; |
| 306 | + default: |
| 307 | + array_size = SZ_32K - 4; |
| 308 | + break; |
| 309 | + } |
| 310 | + |
| 311 | if (len < SZ_64K) { |
| 312 | /* |
| 313 | * Transfer size less than 64K can be handled with one paRAM |
| 314 | @@ -1169,7 +1182,7 @@ static struct dma_async_tx_descriptor *edma_prep_dma_memcpy( |
| 315 | * When the full_length is multibple of 32767 one slot can be |
| 316 | * used to complete the transfer. |
| 317 | */ |
| 318 | - width = SZ_32K - 1; |
| 319 | + width = array_size; |
| 320 | pset_len = rounddown(len, width); |
| 321 | /* One slot is enough for lengths multiple of (SZ_32K -1) */ |
| 322 | if (unlikely(pset_len == len)) |
| 323 | @@ -1217,7 +1230,7 @@ static struct dma_async_tx_descriptor *edma_prep_dma_memcpy( |
| 324 | } |
| 325 | dest += pset_len; |
| 326 | src += pset_len; |
| 327 | - pset_len = width = len % (SZ_32K - 1); |
| 328 | + pset_len = width = len % array_size; |
| 329 | |
| 330 | ret = edma_config_pset(chan, &edesc->pset[1], src, dest, 1, |
| 331 | width, pset_len, DMA_MEM_TO_MEM); |
| 332 | diff --git a/drivers/dma/ti-dma-crossbar.c b/drivers/dma/ti-dma-crossbar.c |
| 333 | index 2403475a37cf..88a00d06def6 100644 |
| 334 | --- a/drivers/dma/ti-dma-crossbar.c |
| 335 | +++ b/drivers/dma/ti-dma-crossbar.c |
| 336 | @@ -262,13 +262,14 @@ static void *ti_dra7_xbar_route_allocate(struct of_phandle_args *dma_spec, |
| 337 | mutex_lock(&xbar->mutex); |
| 338 | map->xbar_out = find_first_zero_bit(xbar->dma_inuse, |
| 339 | xbar->dma_requests); |
| 340 | - mutex_unlock(&xbar->mutex); |
| 341 | if (map->xbar_out == xbar->dma_requests) { |
| 342 | + mutex_unlock(&xbar->mutex); |
| 343 | dev_err(&pdev->dev, "Run out of free DMA requests\n"); |
| 344 | kfree(map); |
| 345 | return ERR_PTR(-ENOMEM); |
| 346 | } |
| 347 | set_bit(map->xbar_out, xbar->dma_inuse); |
| 348 | + mutex_unlock(&xbar->mutex); |
| 349 | |
| 350 | map->xbar_in = (u16)dma_spec->args[0]; |
| 351 | |
| 352 | diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c |
| 353 | index 8aeb7f8ee59c..80c5cc5640c1 100644 |
| 354 | --- a/drivers/gpu/drm/i915/intel_bios.c |
| 355 | +++ b/drivers/gpu/drm/i915/intel_bios.c |
| 356 | @@ -1219,7 +1219,7 @@ static void parse_ddi_ports(struct drm_i915_private *dev_priv, |
| 357 | { |
| 358 | enum port port; |
| 359 | |
| 360 | - if (!HAS_DDI(dev_priv)) |
| 361 | + if (!HAS_DDI(dev_priv) && !IS_CHERRYVIEW(dev_priv)) |
| 362 | return; |
| 363 | |
| 364 | if (!dev_priv->vbt.child_dev_num) |
| 365 | diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c |
| 366 | index f8efd20e4a90..ce32303b3013 100644 |
| 367 | --- a/drivers/gpu/drm/i915/intel_display.c |
| 368 | +++ b/drivers/gpu/drm/i915/intel_display.c |
| 369 | @@ -11471,13 +11471,10 @@ struct drm_display_mode *intel_crtc_mode_get(struct drm_device *dev, |
| 370 | { |
| 371 | struct drm_i915_private *dev_priv = to_i915(dev); |
| 372 | struct intel_crtc *intel_crtc = to_intel_crtc(crtc); |
| 373 | - enum transcoder cpu_transcoder = intel_crtc->config->cpu_transcoder; |
| 374 | + enum transcoder cpu_transcoder; |
| 375 | struct drm_display_mode *mode; |
| 376 | struct intel_crtc_state *pipe_config; |
| 377 | - int htot = I915_READ(HTOTAL(cpu_transcoder)); |
| 378 | - int hsync = I915_READ(HSYNC(cpu_transcoder)); |
| 379 | - int vtot = I915_READ(VTOTAL(cpu_transcoder)); |
| 380 | - int vsync = I915_READ(VSYNC(cpu_transcoder)); |
| 381 | + u32 htot, hsync, vtot, vsync; |
| 382 | enum pipe pipe = intel_crtc->pipe; |
| 383 | |
| 384 | mode = kzalloc(sizeof(*mode), GFP_KERNEL); |
| 385 | @@ -11505,6 +11502,13 @@ struct drm_display_mode *intel_crtc_mode_get(struct drm_device *dev, |
| 386 | i9xx_crtc_clock_get(intel_crtc, pipe_config); |
| 387 | |
| 388 | mode->clock = pipe_config->port_clock / pipe_config->pixel_multiplier; |
| 389 | + |
| 390 | + cpu_transcoder = pipe_config->cpu_transcoder; |
| 391 | + htot = I915_READ(HTOTAL(cpu_transcoder)); |
| 392 | + hsync = I915_READ(HSYNC(cpu_transcoder)); |
| 393 | + vtot = I915_READ(VTOTAL(cpu_transcoder)); |
| 394 | + vsync = I915_READ(VSYNC(cpu_transcoder)); |
| 395 | + |
| 396 | mode->hdisplay = (htot & 0xffff) + 1; |
| 397 | mode->htotal = ((htot & 0xffff0000) >> 16) + 1; |
| 398 | mode->hsync_start = (hsync & 0xffff) + 1; |
| 399 | diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c |
| 400 | index 7b06280b23aa..afa3d010c650 100644 |
| 401 | --- a/drivers/gpu/drm/i915/intel_dp.c |
| 402 | +++ b/drivers/gpu/drm/i915/intel_dp.c |
| 403 | @@ -2193,8 +2193,8 @@ static void edp_panel_off(struct intel_dp *intel_dp) |
| 404 | I915_WRITE(pp_ctrl_reg, pp); |
| 405 | POSTING_READ(pp_ctrl_reg); |
| 406 | |
| 407 | - intel_dp->panel_power_off_time = ktime_get_boottime(); |
| 408 | wait_panel_off(intel_dp); |
| 409 | + intel_dp->panel_power_off_time = ktime_get_boottime(); |
| 410 | |
| 411 | /* We got a reference when we enabled the VDD. */ |
| 412 | power_domain = intel_display_port_aux_power_domain(intel_encoder); |
| 413 | diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c |
| 414 | index ae83af649a60..7838343eb37c 100644 |
| 415 | --- a/drivers/hid/usbhid/hid-core.c |
| 416 | +++ b/drivers/hid/usbhid/hid-core.c |
| 417 | @@ -971,6 +971,8 @@ static int usbhid_parse(struct hid_device *hid) |
| 418 | unsigned int rsize = 0; |
| 419 | char *rdesc; |
| 420 | int ret, n; |
| 421 | + int num_descriptors; |
| 422 | + size_t offset = offsetof(struct hid_descriptor, desc); |
| 423 | |
| 424 | quirks = usbhid_lookup_quirk(le16_to_cpu(dev->descriptor.idVendor), |
| 425 | le16_to_cpu(dev->descriptor.idProduct)); |
| 426 | @@ -993,10 +995,18 @@ static int usbhid_parse(struct hid_device *hid) |
| 427 | return -ENODEV; |
| 428 | } |
| 429 | |
| 430 | + if (hdesc->bLength < sizeof(struct hid_descriptor)) { |
| 431 | + dbg_hid("hid descriptor is too short\n"); |
| 432 | + return -EINVAL; |
| 433 | + } |
| 434 | + |
| 435 | hid->version = le16_to_cpu(hdesc->bcdHID); |
| 436 | hid->country = hdesc->bCountryCode; |
| 437 | |
| 438 | - for (n = 0; n < hdesc->bNumDescriptors; n++) |
| 439 | + num_descriptors = min_t(int, hdesc->bNumDescriptors, |
| 440 | + (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); |
| 441 | + |
| 442 | + for (n = 0; n < num_descriptors; n++) |
| 443 | if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) |
| 444 | rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); |
| 445 | |
| 446 | diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c |
| 447 | index c380b7e8f1c6..1a0b110f12c0 100644 |
| 448 | --- a/drivers/iommu/amd_iommu.c |
| 449 | +++ b/drivers/iommu/amd_iommu.c |
| 450 | @@ -3120,6 +3120,7 @@ static size_t amd_iommu_unmap(struct iommu_domain *dom, unsigned long iova, |
| 451 | mutex_unlock(&domain->api_lock); |
| 452 | |
| 453 | domain_flush_tlb_pde(domain); |
| 454 | + domain_flush_complete(domain); |
| 455 | |
| 456 | return unmap_size; |
| 457 | } |
| 458 | diff --git a/drivers/pinctrl/Kconfig b/drivers/pinctrl/Kconfig |
| 459 | index 0e75d94972ba..671610c989b6 100644 |
| 460 | --- a/drivers/pinctrl/Kconfig |
| 461 | +++ b/drivers/pinctrl/Kconfig |
| 462 | @@ -82,6 +82,7 @@ config PINCTRL_AMD |
| 463 | tristate "AMD GPIO pin control" |
| 464 | depends on GPIOLIB |
| 465 | select GPIOLIB_IRQCHIP |
| 466 | + select PINMUX |
| 467 | select PINCONF |
| 468 | select GENERIC_PINCONF |
| 469 | help |
| 470 | diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c |
| 471 | index baa7cdcc0ebc..325bf21ba13b 100644 |
| 472 | --- a/drivers/usb/gadget/composite.c |
| 473 | +++ b/drivers/usb/gadget/composite.c |
| 474 | @@ -2018,6 +2018,8 @@ static DEVICE_ATTR_RO(suspended); |
| 475 | static void __composite_unbind(struct usb_gadget *gadget, bool unbind_driver) |
| 476 | { |
| 477 | struct usb_composite_dev *cdev = get_gadget_data(gadget); |
| 478 | + struct usb_gadget_strings *gstr = cdev->driver->strings[0]; |
| 479 | + struct usb_string *dev_str = gstr->strings; |
| 480 | |
| 481 | /* composite_disconnect() must already have been called |
| 482 | * by the underlying peripheral controller driver! |
| 483 | @@ -2037,6 +2039,9 @@ static void __composite_unbind(struct usb_gadget *gadget, bool unbind_driver) |
| 484 | |
| 485 | composite_dev_cleanup(cdev); |
| 486 | |
| 487 | + if (dev_str[USB_GADGET_MANUFACTURER_IDX].s == cdev->def_manufacturer) |
| 488 | + dev_str[USB_GADGET_MANUFACTURER_IDX].s = ""; |
| 489 | + |
| 490 | kfree(cdev->def_manufacturer); |
| 491 | kfree(cdev); |
| 492 | set_gadget_data(gadget, NULL); |
| 493 | diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c |
| 494 | index 3984787f8e97..502a096fc380 100644 |
| 495 | --- a/drivers/usb/gadget/configfs.c |
| 496 | +++ b/drivers/usb/gadget/configfs.c |
| 497 | @@ -1140,11 +1140,12 @@ static struct configfs_attribute *interf_grp_attrs[] = { |
| 498 | NULL |
| 499 | }; |
| 500 | |
| 501 | -int usb_os_desc_prepare_interf_dir(struct config_group *parent, |
| 502 | - int n_interf, |
| 503 | - struct usb_os_desc **desc, |
| 504 | - char **names, |
| 505 | - struct module *owner) |
| 506 | +struct config_group *usb_os_desc_prepare_interf_dir( |
| 507 | + struct config_group *parent, |
| 508 | + int n_interf, |
| 509 | + struct usb_os_desc **desc, |
| 510 | + char **names, |
| 511 | + struct module *owner) |
| 512 | { |
| 513 | struct config_group *os_desc_group; |
| 514 | struct config_item_type *os_desc_type, *interface_type; |
| 515 | @@ -1156,7 +1157,7 @@ int usb_os_desc_prepare_interf_dir(struct config_group *parent, |
| 516 | |
| 517 | char *vlabuf = kzalloc(vla_group_size(data_chunk), GFP_KERNEL); |
| 518 | if (!vlabuf) |
| 519 | - return -ENOMEM; |
| 520 | + return ERR_PTR(-ENOMEM); |
| 521 | |
| 522 | os_desc_group = vla_ptr(vlabuf, data_chunk, os_desc_group); |
| 523 | os_desc_type = vla_ptr(vlabuf, data_chunk, os_desc_type); |
| 524 | @@ -1181,7 +1182,7 @@ int usb_os_desc_prepare_interf_dir(struct config_group *parent, |
| 525 | configfs_add_default_group(&d->group, os_desc_group); |
| 526 | } |
| 527 | |
| 528 | - return 0; |
| 529 | + return os_desc_group; |
| 530 | } |
| 531 | EXPORT_SYMBOL(usb_os_desc_prepare_interf_dir); |
| 532 | |
| 533 | diff --git a/drivers/usb/gadget/configfs.h b/drivers/usb/gadget/configfs.h |
| 534 | index 36c468c4f5e9..540d5e92ed22 100644 |
| 535 | --- a/drivers/usb/gadget/configfs.h |
| 536 | +++ b/drivers/usb/gadget/configfs.h |
| 537 | @@ -5,11 +5,12 @@ |
| 538 | |
| 539 | void unregister_gadget_item(struct config_item *item); |
| 540 | |
| 541 | -int usb_os_desc_prepare_interf_dir(struct config_group *parent, |
| 542 | - int n_interf, |
| 543 | - struct usb_os_desc **desc, |
| 544 | - char **names, |
| 545 | - struct module *owner); |
| 546 | +struct config_group *usb_os_desc_prepare_interf_dir( |
| 547 | + struct config_group *parent, |
| 548 | + int n_interf, |
| 549 | + struct usb_os_desc **desc, |
| 550 | + char **names, |
| 551 | + struct module *owner); |
| 552 | |
| 553 | static inline struct usb_os_desc *to_usb_os_desc(struct config_item *item) |
| 554 | { |
| 555 | diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c |
| 556 | index 16562e461121..ba00cdb809d6 100644 |
| 557 | --- a/drivers/usb/gadget/function/f_rndis.c |
| 558 | +++ b/drivers/usb/gadget/function/f_rndis.c |
| 559 | @@ -892,6 +892,7 @@ static void rndis_free_inst(struct usb_function_instance *f) |
| 560 | free_netdev(opts->net); |
| 561 | } |
| 562 | |
| 563 | + kfree(opts->rndis_interf_group); /* single VLA chunk */ |
| 564 | kfree(opts); |
| 565 | } |
| 566 | |
| 567 | @@ -900,6 +901,7 @@ static struct usb_function_instance *rndis_alloc_inst(void) |
| 568 | struct f_rndis_opts *opts; |
| 569 | struct usb_os_desc *descs[1]; |
| 570 | char *names[1]; |
| 571 | + struct config_group *rndis_interf_group; |
| 572 | |
| 573 | opts = kzalloc(sizeof(*opts), GFP_KERNEL); |
| 574 | if (!opts) |
| 575 | @@ -920,8 +922,14 @@ static struct usb_function_instance *rndis_alloc_inst(void) |
| 576 | names[0] = "rndis"; |
| 577 | config_group_init_type_name(&opts->func_inst.group, "", |
| 578 | &rndis_func_type); |
| 579 | - usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, |
| 580 | - names, THIS_MODULE); |
| 581 | + rndis_interf_group = |
| 582 | + usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, |
| 583 | + names, THIS_MODULE); |
| 584 | + if (IS_ERR(rndis_interf_group)) { |
| 585 | + rndis_free_inst(&opts->func_inst); |
| 586 | + return ERR_CAST(rndis_interf_group); |
| 587 | + } |
| 588 | + opts->rndis_interf_group = rndis_interf_group; |
| 589 | |
| 590 | return &opts->func_inst; |
| 591 | } |
| 592 | diff --git a/drivers/usb/gadget/function/u_rndis.h b/drivers/usb/gadget/function/u_rndis.h |
| 593 | index 4eafd5050545..4e2ad04fe8d6 100644 |
| 594 | --- a/drivers/usb/gadget/function/u_rndis.h |
| 595 | +++ b/drivers/usb/gadget/function/u_rndis.h |
| 596 | @@ -26,6 +26,7 @@ struct f_rndis_opts { |
| 597 | bool bound; |
| 598 | bool borrowed_net; |
| 599 | |
| 600 | + struct config_group *rndis_interf_group; |
| 601 | struct usb_os_desc rndis_os_desc; |
| 602 | char rndis_ext_compat_id[16]; |
| 603 | |
| 604 | diff --git a/drivers/usb/gadget/udc/dummy_hcd.c b/drivers/usb/gadget/udc/dummy_hcd.c |
| 605 | index fb17fb23fa9a..b62a3de65075 100644 |
| 606 | --- a/drivers/usb/gadget/udc/dummy_hcd.c |
| 607 | +++ b/drivers/usb/gadget/udc/dummy_hcd.c |
| 608 | @@ -420,6 +420,7 @@ static void set_link_state_by_speed(struct dummy_hcd *dum_hcd) |
| 609 | static void set_link_state(struct dummy_hcd *dum_hcd) |
| 610 | { |
| 611 | struct dummy *dum = dum_hcd->dum; |
| 612 | + unsigned int power_bit; |
| 613 | |
| 614 | dum_hcd->active = 0; |
| 615 | if (dum->pullup) |
| 616 | @@ -430,17 +431,19 @@ static void set_link_state(struct dummy_hcd *dum_hcd) |
| 617 | return; |
| 618 | |
| 619 | set_link_state_by_speed(dum_hcd); |
| 620 | + power_bit = (dummy_hcd_to_hcd(dum_hcd)->speed == HCD_USB3 ? |
| 621 | + USB_SS_PORT_STAT_POWER : USB_PORT_STAT_POWER); |
| 622 | |
| 623 | if ((dum_hcd->port_status & USB_PORT_STAT_ENABLE) == 0 || |
| 624 | dum_hcd->active) |
| 625 | dum_hcd->resuming = 0; |
| 626 | |
| 627 | /* Currently !connected or in reset */ |
| 628 | - if ((dum_hcd->port_status & USB_PORT_STAT_CONNECTION) == 0 || |
| 629 | + if ((dum_hcd->port_status & power_bit) == 0 || |
| 630 | (dum_hcd->port_status & USB_PORT_STAT_RESET) != 0) { |
| 631 | - unsigned disconnect = USB_PORT_STAT_CONNECTION & |
| 632 | + unsigned int disconnect = power_bit & |
| 633 | dum_hcd->old_status & (~dum_hcd->port_status); |
| 634 | - unsigned reset = USB_PORT_STAT_RESET & |
| 635 | + unsigned int reset = USB_PORT_STAT_RESET & |
| 636 | (~dum_hcd->old_status) & dum_hcd->port_status; |
| 637 | |
| 638 | /* Report reset and disconnect events to the driver */ |
| 639 | diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c |
| 640 | index 8897195396b2..6c6a3a8df07a 100644 |
| 641 | --- a/drivers/usb/renesas_usbhs/fifo.c |
| 642 | +++ b/drivers/usb/renesas_usbhs/fifo.c |
| 643 | @@ -860,9 +860,9 @@ static void xfer_work(struct work_struct *work) |
| 644 | fifo->name, usbhs_pipe_number(pipe), pkt->length, pkt->zero); |
| 645 | |
| 646 | usbhs_pipe_running(pipe, 1); |
| 647 | - usbhsf_dma_start(pipe, fifo); |
| 648 | usbhs_pipe_set_trans_count_if_bulk(pipe, pkt->trans); |
| 649 | dma_async_issue_pending(chan); |
| 650 | + usbhsf_dma_start(pipe, fifo); |
| 651 | usbhs_pipe_enable(pipe); |
| 652 | |
| 653 | xfer_work_end: |
| 654 | diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c |
| 655 | index b6f1adefb758..76062ce2d459 100644 |
| 656 | --- a/drivers/usb/serial/console.c |
| 657 | +++ b/drivers/usb/serial/console.c |
| 658 | @@ -186,6 +186,7 @@ static int usb_console_setup(struct console *co, char *options) |
| 659 | tty_kref_put(tty); |
| 660 | reset_open_count: |
| 661 | port->port.count = 0; |
| 662 | + info->port = NULL; |
| 663 | usb_autopm_put_interface(serial->interface); |
| 664 | error_get_interface: |
| 665 | usb_serial_put(serial); |
| 666 | diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c |
| 667 | index 470b17b0c11b..11ee55e080e5 100644 |
| 668 | --- a/drivers/usb/serial/cp210x.c |
| 669 | +++ b/drivers/usb/serial/cp210x.c |
| 670 | @@ -171,6 +171,7 @@ static const struct usb_device_id id_table[] = { |
| 671 | { USB_DEVICE(0x1843, 0x0200) }, /* Vaisala USB Instrument Cable */ |
| 672 | { USB_DEVICE(0x18EF, 0xE00F) }, /* ELV USB-I2C-Interface */ |
| 673 | { USB_DEVICE(0x18EF, 0xE025) }, /* ELV Marble Sound Board 1 */ |
| 674 | + { USB_DEVICE(0x18EF, 0xE032) }, /* ELV TFD500 Data Logger */ |
| 675 | { USB_DEVICE(0x1901, 0x0190) }, /* GE B850 CP2105 Recorder interface */ |
| 676 | { USB_DEVICE(0x1901, 0x0193) }, /* GE B650 CP2104 PMC interface */ |
| 677 | { USB_DEVICE(0x1901, 0x0194) }, /* GE Healthcare Remote Alarm Box */ |
| 678 | diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c |
| 679 | index 19394963f675..3249f42b4b93 100644 |
| 680 | --- a/drivers/usb/serial/ftdi_sio.c |
| 681 | +++ b/drivers/usb/serial/ftdi_sio.c |
| 682 | @@ -1015,6 +1015,8 @@ static const struct usb_device_id id_table_combined[] = { |
| 683 | { USB_DEVICE(WICED_VID, WICED_USB20706V2_PID) }, |
| 684 | { USB_DEVICE(TI_VID, TI_CC3200_LAUNCHPAD_PID), |
| 685 | .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, |
| 686 | + { USB_DEVICE(CYPRESS_VID, CYPRESS_WICED_BT_USB_PID) }, |
| 687 | + { USB_DEVICE(CYPRESS_VID, CYPRESS_WICED_WL_USB_PID) }, |
| 688 | { } /* Terminating entry */ |
| 689 | }; |
| 690 | |
| 691 | diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h |
| 692 | index 4fcf1cecb6d7..f9d15bd62785 100644 |
| 693 | --- a/drivers/usb/serial/ftdi_sio_ids.h |
| 694 | +++ b/drivers/usb/serial/ftdi_sio_ids.h |
| 695 | @@ -609,6 +609,13 @@ |
| 696 | #define ADI_GNICE_PID 0xF000 |
| 697 | #define ADI_GNICEPLUS_PID 0xF001 |
| 698 | |
| 699 | +/* |
| 700 | + * Cypress WICED USB UART |
| 701 | + */ |
| 702 | +#define CYPRESS_VID 0x04B4 |
| 703 | +#define CYPRESS_WICED_BT_USB_PID 0x009B |
| 704 | +#define CYPRESS_WICED_WL_USB_PID 0xF900 |
| 705 | + |
| 706 | /* |
| 707 | * Microchip Technology, Inc. |
| 708 | * |
| 709 | diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
| 710 | index 2a9944326210..db3d34c2c82e 100644 |
| 711 | --- a/drivers/usb/serial/option.c |
| 712 | +++ b/drivers/usb/serial/option.c |
| 713 | @@ -522,6 +522,7 @@ static void option_instat_callback(struct urb *urb); |
| 714 | |
| 715 | /* TP-LINK Incorporated products */ |
| 716 | #define TPLINK_VENDOR_ID 0x2357 |
| 717 | +#define TPLINK_PRODUCT_LTE 0x000D |
| 718 | #define TPLINK_PRODUCT_MA180 0x0201 |
| 719 | |
| 720 | /* Changhong products */ |
| 721 | @@ -2011,6 +2012,7 @@ static const struct usb_device_id option_ids[] = { |
| 722 | { USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MEN200) }, |
| 723 | { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600A) }, |
| 724 | { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600E) }, |
| 725 | + { USB_DEVICE_AND_INTERFACE_INFO(TPLINK_VENDOR_ID, TPLINK_PRODUCT_LTE, 0xff, 0x00, 0x00) }, /* TP-Link LTE Module */ |
| 726 | { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180), |
| 727 | .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, |
| 728 | { USB_DEVICE(TPLINK_VENDOR_ID, 0x9000), /* TP-Link MA260 */ |
| 729 | diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c |
| 730 | index 652b4334b26d..e1c1e329c877 100644 |
| 731 | --- a/drivers/usb/serial/qcserial.c |
| 732 | +++ b/drivers/usb/serial/qcserial.c |
| 733 | @@ -174,6 +174,10 @@ static const struct usb_device_id id_table[] = { |
| 734 | {DEVICE_SWI(0x413c, 0x81b3)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */ |
| 735 | {DEVICE_SWI(0x413c, 0x81b5)}, /* Dell Wireless 5811e QDL */ |
| 736 | {DEVICE_SWI(0x413c, 0x81b6)}, /* Dell Wireless 5811e QDL */ |
| 737 | + {DEVICE_SWI(0x413c, 0x81cf)}, /* Dell Wireless 5819 */ |
| 738 | + {DEVICE_SWI(0x413c, 0x81d0)}, /* Dell Wireless 5819 */ |
| 739 | + {DEVICE_SWI(0x413c, 0x81d1)}, /* Dell Wireless 5818 */ |
| 740 | + {DEVICE_SWI(0x413c, 0x81d2)}, /* Dell Wireless 5818 */ |
| 741 | |
| 742 | /* Huawei devices */ |
| 743 | {DEVICE_HWI(0x03f0, 0x581d)}, /* HP lt4112 LTE/HSPA+ Gobi 4G Modem (Huawei me906e) */ |
| 744 | diff --git a/fs/block_dev.c b/fs/block_dev.c |
| 745 | index 07e46b786500..cb936c90ae82 100644 |
| 746 | --- a/fs/block_dev.c |
| 747 | +++ b/fs/block_dev.c |
| 748 | @@ -450,10 +450,12 @@ int bdev_write_page(struct block_device *bdev, sector_t sector, |
| 749 | |
| 750 | set_page_writeback(page); |
| 751 | result = ops->rw_page(bdev, sector + get_start_sect(bdev), page, true); |
| 752 | - if (result) |
| 753 | + if (result) { |
| 754 | end_page_writeback(page); |
| 755 | - else |
| 756 | + } else { |
| 757 | + clean_page_buffers(page); |
| 758 | unlock_page(page); |
| 759 | + } |
| 760 | blk_queue_exit(bdev->bd_queue); |
| 761 | return result; |
| 762 | } |
| 763 | diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h |
| 764 | index 48ef401c3c61..7b496a4e650e 100644 |
| 765 | --- a/fs/cifs/cifsglob.h |
| 766 | +++ b/fs/cifs/cifsglob.h |
| 767 | @@ -365,6 +365,8 @@ struct smb_version_operations { |
| 768 | unsigned int (*calc_smb_size)(void *); |
| 769 | /* check for STATUS_PENDING and process it in a positive case */ |
| 770 | bool (*is_status_pending)(char *, struct TCP_Server_Info *, int); |
| 771 | + /* check for STATUS_NETWORK_SESSION_EXPIRED */ |
| 772 | + bool (*is_session_expired)(char *); |
| 773 | /* send oplock break response */ |
| 774 | int (*oplock_response)(struct cifs_tcon *, struct cifs_fid *, |
| 775 | struct cifsInodeInfo *); |
| 776 | diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c |
| 777 | index 1f91c9dadd5b..cc420d6b71f7 100644 |
| 778 | --- a/fs/cifs/cifssmb.c |
| 779 | +++ b/fs/cifs/cifssmb.c |
| 780 | @@ -1457,6 +1457,13 @@ cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid) |
| 781 | return length; |
| 782 | server->total_read += length; |
| 783 | |
| 784 | + if (server->ops->is_session_expired && |
| 785 | + server->ops->is_session_expired(buf)) { |
| 786 | + cifs_reconnect(server); |
| 787 | + wake_up(&server->response_q); |
| 788 | + return -1; |
| 789 | + } |
| 790 | + |
| 791 | if (server->ops->is_status_pending && |
| 792 | server->ops->is_status_pending(buf, server, 0)) { |
| 793 | discard_remaining_data(server); |
| 794 | diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c |
| 795 | index f6712b6128d8..580b3a4ca53a 100644 |
| 796 | --- a/fs/cifs/connect.c |
| 797 | +++ b/fs/cifs/connect.c |
| 798 | @@ -796,6 +796,13 @@ standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid) |
| 799 | cifs_dump_mem("Bad SMB: ", buf, |
| 800 | min_t(unsigned int, server->total_read, 48)); |
| 801 | |
| 802 | + if (server->ops->is_session_expired && |
| 803 | + server->ops->is_session_expired(buf)) { |
| 804 | + cifs_reconnect(server); |
| 805 | + wake_up(&server->response_q); |
| 806 | + return -1; |
| 807 | + } |
| 808 | + |
| 809 | if (server->ops->is_status_pending && |
| 810 | server->ops->is_status_pending(buf, server, length)) |
| 811 | return -1; |
| 812 | diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c |
| 813 | index b6968241c26f..812e4884c392 100644 |
| 814 | --- a/fs/cifs/smb2ops.c |
| 815 | +++ b/fs/cifs/smb2ops.c |
| 816 | @@ -1018,6 +1018,18 @@ smb2_is_status_pending(char *buf, struct TCP_Server_Info *server, int length) |
| 817 | return true; |
| 818 | } |
| 819 | |
| 820 | +static bool |
| 821 | +smb2_is_session_expired(char *buf) |
| 822 | +{ |
| 823 | + struct smb2_hdr *hdr = (struct smb2_hdr *)buf; |
| 824 | + |
| 825 | + if (hdr->Status != STATUS_NETWORK_SESSION_EXPIRED) |
| 826 | + return false; |
| 827 | + |
| 828 | + cifs_dbg(FYI, "Session expired\n"); |
| 829 | + return true; |
| 830 | +} |
| 831 | + |
| 832 | static int |
| 833 | smb2_oplock_response(struct cifs_tcon *tcon, struct cifs_fid *fid, |
| 834 | struct cifsInodeInfo *cinode) |
| 835 | @@ -1609,6 +1621,7 @@ struct smb_version_operations smb20_operations = { |
| 836 | .close_dir = smb2_close_dir, |
| 837 | .calc_smb_size = smb2_calc_size, |
| 838 | .is_status_pending = smb2_is_status_pending, |
| 839 | + .is_session_expired = smb2_is_session_expired, |
| 840 | .oplock_response = smb2_oplock_response, |
| 841 | .queryfs = smb2_queryfs, |
| 842 | .mand_lock = smb2_mand_lock, |
| 843 | @@ -1690,6 +1703,7 @@ struct smb_version_operations smb21_operations = { |
| 844 | .close_dir = smb2_close_dir, |
| 845 | .calc_smb_size = smb2_calc_size, |
| 846 | .is_status_pending = smb2_is_status_pending, |
| 847 | + .is_session_expired = smb2_is_session_expired, |
| 848 | .oplock_response = smb2_oplock_response, |
| 849 | .queryfs = smb2_queryfs, |
| 850 | .mand_lock = smb2_mand_lock, |
| 851 | @@ -1773,6 +1787,7 @@ struct smb_version_operations smb30_operations = { |
| 852 | .close_dir = smb2_close_dir, |
| 853 | .calc_smb_size = smb2_calc_size, |
| 854 | .is_status_pending = smb2_is_status_pending, |
| 855 | + .is_session_expired = smb2_is_session_expired, |
| 856 | .oplock_response = smb2_oplock_response, |
| 857 | .queryfs = smb2_queryfs, |
| 858 | .mand_lock = smb2_mand_lock, |
| 859 | @@ -1862,6 +1877,7 @@ struct smb_version_operations smb311_operations = { |
| 860 | .close_dir = smb2_close_dir, |
| 861 | .calc_smb_size = smb2_calc_size, |
| 862 | .is_status_pending = smb2_is_status_pending, |
| 863 | + .is_session_expired = smb2_is_session_expired, |
| 864 | .oplock_response = smb2_oplock_response, |
| 865 | .queryfs = smb2_queryfs, |
| 866 | .mand_lock = smb2_mand_lock, |
| 867 | diff --git a/fs/direct-io.c b/fs/direct-io.c |
| 868 | index c60756e89833..c6220a2daefd 100644 |
| 869 | --- a/fs/direct-io.c |
| 870 | +++ b/fs/direct-io.c |
| 871 | @@ -835,7 +835,8 @@ submit_page_section(struct dio *dio, struct dio_submit *sdio, struct page *page, |
| 872 | */ |
| 873 | if (sdio->boundary) { |
| 874 | ret = dio_send_cur_page(dio, sdio, map_bh); |
| 875 | - dio_bio_submit(dio, sdio); |
| 876 | + if (sdio->bio) |
| 877 | + dio_bio_submit(dio, sdio); |
| 878 | put_page(sdio->cur_page); |
| 879 | sdio->cur_page = NULL; |
| 880 | } |
| 881 | diff --git a/fs/ext4/file.c b/fs/ext4/file.c |
| 882 | index d17d12ed6f73..510e66422f04 100644 |
| 883 | --- a/fs/ext4/file.c |
| 884 | +++ b/fs/ext4/file.c |
| 885 | @@ -527,7 +527,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) |
| 886 | inode_lock(inode); |
| 887 | |
| 888 | isize = i_size_read(inode); |
| 889 | - if (offset >= isize) { |
| 890 | + if (offset < 0 || offset >= isize) { |
| 891 | inode_unlock(inode); |
| 892 | return -ENXIO; |
| 893 | } |
| 894 | @@ -590,7 +590,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) |
| 895 | inode_lock(inode); |
| 896 | |
| 897 | isize = i_size_read(inode); |
| 898 | - if (offset >= isize) { |
| 899 | + if (offset < 0 || offset >= isize) { |
| 900 | inode_unlock(inode); |
| 901 | return -ENXIO; |
| 902 | } |
| 903 | diff --git a/fs/mpage.c b/fs/mpage.c |
| 904 | index d2fcb149720d..e2ea442bb9e1 100644 |
| 905 | --- a/fs/mpage.c |
| 906 | +++ b/fs/mpage.c |
| 907 | @@ -466,6 +466,16 @@ static void clean_buffers(struct page *page, unsigned first_unmapped) |
| 908 | try_to_free_buffers(page); |
| 909 | } |
| 910 | |
| 911 | +/* |
| 912 | + * For situations where we want to clean all buffers attached to a page. |
| 913 | + * We don't need to calculate how many buffers are attached to the page, |
| 914 | + * we just need to specify a number larger than the maximum number of buffers. |
| 915 | + */ |
| 916 | +void clean_page_buffers(struct page *page) |
| 917 | +{ |
| 918 | + clean_buffers(page, ~0U); |
| 919 | +} |
| 920 | + |
| 921 | static int __mpage_writepage(struct page *page, struct writeback_control *wbc, |
| 922 | void *data) |
| 923 | { |
| 924 | @@ -604,10 +614,8 @@ static int __mpage_writepage(struct page *page, struct writeback_control *wbc, |
| 925 | if (bio == NULL) { |
| 926 | if (first_unmapped == blocks_per_page) { |
| 927 | if (!bdev_write_page(bdev, blocks[0] << (blkbits - 9), |
| 928 | - page, wbc)) { |
| 929 | - clean_buffers(page, first_unmapped); |
| 930 | + page, wbc)) |
| 931 | goto out; |
| 932 | - } |
| 933 | } |
| 934 | bio = mpage_alloc(bdev, blocks[0] << (blkbits - 9), |
| 935 | BIO_MAX_PAGES, GFP_NOFS|__GFP_HIGH); |
| 936 | diff --git a/include/linux/buffer_head.h b/include/linux/buffer_head.h |
| 937 | index ebbacd14d450..447a915db25d 100644 |
| 938 | --- a/include/linux/buffer_head.h |
| 939 | +++ b/include/linux/buffer_head.h |
| 940 | @@ -226,6 +226,7 @@ int generic_write_end(struct file *, struct address_space *, |
| 941 | loff_t, unsigned, unsigned, |
| 942 | struct page *, void *); |
| 943 | void page_zero_new_buffers(struct page *page, unsigned from, unsigned to); |
| 944 | +void clean_page_buffers(struct page *page); |
| 945 | int cont_write_begin(struct file *, struct address_space *, loff_t, |
| 946 | unsigned, unsigned, struct page **, void **, |
| 947 | get_block_t *, loff_t *); |
| 948 | diff --git a/include/sound/seq_virmidi.h b/include/sound/seq_virmidi.h |
| 949 | index a03acd0d398a..695257ae64ac 100644 |
| 950 | --- a/include/sound/seq_virmidi.h |
| 951 | +++ b/include/sound/seq_virmidi.h |
| 952 | @@ -60,6 +60,7 @@ struct snd_virmidi_dev { |
| 953 | int port; /* created/attached port */ |
| 954 | unsigned int flags; /* SNDRV_VIRMIDI_* */ |
| 955 | rwlock_t filelist_lock; |
| 956 | + struct rw_semaphore filelist_sem; |
| 957 | struct list_head filelist; |
| 958 | }; |
| 959 | |
| 960 | diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c |
| 961 | index 10f62c6f48e7..d1a02877a42c 100644 |
| 962 | --- a/kernel/rcu/tree.c |
| 963 | +++ b/kernel/rcu/tree.c |
| 964 | @@ -792,8 +792,13 @@ void rcu_irq_exit(void) |
| 965 | long long oldval; |
| 966 | struct rcu_dynticks *rdtp; |
| 967 | |
| 968 | - RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_exit() invoked with irqs enabled!!!"); |
| 969 | rdtp = this_cpu_ptr(&rcu_dynticks); |
| 970 | + |
| 971 | + /* Page faults can happen in NMI handlers, so check... */ |
| 972 | + if (READ_ONCE(rdtp->dynticks_nmi_nesting)) |
| 973 | + return; |
| 974 | + |
| 975 | + RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_exit() invoked with irqs enabled!!!"); |
| 976 | oldval = rdtp->dynticks_nesting; |
| 977 | rdtp->dynticks_nesting--; |
| 978 | WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) && |
| 979 | @@ -930,8 +935,13 @@ void rcu_irq_enter(void) |
| 980 | struct rcu_dynticks *rdtp; |
| 981 | long long oldval; |
| 982 | |
| 983 | - RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_enter() invoked with irqs enabled!!!"); |
| 984 | rdtp = this_cpu_ptr(&rcu_dynticks); |
| 985 | + |
| 986 | + /* Page faults can happen in NMI handlers, so check... */ |
| 987 | + if (READ_ONCE(rdtp->dynticks_nmi_nesting)) |
| 988 | + return; |
| 989 | + |
| 990 | + RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_enter() invoked with irqs enabled!!!"); |
| 991 | oldval = rdtp->dynticks_nesting; |
| 992 | rdtp->dynticks_nesting++; |
| 993 | WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) && |
| 994 | diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c |
| 995 | index ece0fbc08607..c626f679e1c8 100644 |
| 996 | --- a/net/wireless/nl80211.c |
| 997 | +++ b/net/wireless/nl80211.c |
| 998 | @@ -541,6 +541,14 @@ nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = { |
| 999 | [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED }, |
| 1000 | }; |
| 1001 | |
| 1002 | +/* policy for packet pattern attributes */ |
| 1003 | +static const struct nla_policy |
| 1004 | +nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = { |
| 1005 | + [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, }, |
| 1006 | + [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, }, |
| 1007 | + [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 }, |
| 1008 | +}; |
| 1009 | + |
| 1010 | static int nl80211_prepare_wdev_dump(struct sk_buff *skb, |
| 1011 | struct netlink_callback *cb, |
| 1012 | struct cfg80211_registered_device **rdev, |
| 1013 | @@ -10009,7 +10017,7 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) |
| 1014 | u8 *mask_pat; |
| 1015 | |
| 1016 | nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat), |
| 1017 | - nla_len(pat), NULL); |
| 1018 | + nla_len(pat), nl80211_packet_pattern_policy); |
| 1019 | err = -EINVAL; |
| 1020 | if (!pat_tb[NL80211_PKTPAT_MASK] || |
| 1021 | !pat_tb[NL80211_PKTPAT_PATTERN]) |
| 1022 | @@ -10259,7 +10267,7 @@ static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev, |
| 1023 | u8 *mask_pat; |
| 1024 | |
| 1025 | nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat), |
| 1026 | - nla_len(pat), NULL); |
| 1027 | + nla_len(pat), nl80211_packet_pattern_policy); |
| 1028 | if (!pat_tb[NL80211_PKTPAT_MASK] || |
| 1029 | !pat_tb[NL80211_PKTPAT_PATTERN]) |
| 1030 | return -EINVAL; |
| 1031 | diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c |
| 1032 | index 67c4c68ce041..c41148353e19 100644 |
| 1033 | --- a/sound/core/seq/seq_clientmgr.c |
| 1034 | +++ b/sound/core/seq/seq_clientmgr.c |
| 1035 | @@ -1259,6 +1259,7 @@ static int snd_seq_ioctl_create_port(struct snd_seq_client *client, void *arg) |
| 1036 | struct snd_seq_port_info *info = arg; |
| 1037 | struct snd_seq_client_port *port; |
| 1038 | struct snd_seq_port_callback *callback; |
| 1039 | + int port_idx; |
| 1040 | |
| 1041 | /* it is not allowed to create the port for an another client */ |
| 1042 | if (info->addr.client != client->number) |
| 1043 | @@ -1269,7 +1270,9 @@ static int snd_seq_ioctl_create_port(struct snd_seq_client *client, void *arg) |
| 1044 | return -ENOMEM; |
| 1045 | |
| 1046 | if (client->type == USER_CLIENT && info->kernel) { |
| 1047 | - snd_seq_delete_port(client, port->addr.port); |
| 1048 | + port_idx = port->addr.port; |
| 1049 | + snd_seq_port_unlock(port); |
| 1050 | + snd_seq_delete_port(client, port_idx); |
| 1051 | return -EINVAL; |
| 1052 | } |
| 1053 | if (client->type == KERNEL_CLIENT) { |
| 1054 | @@ -1290,6 +1293,7 @@ static int snd_seq_ioctl_create_port(struct snd_seq_client *client, void *arg) |
| 1055 | |
| 1056 | snd_seq_set_port_info(port, info); |
| 1057 | snd_seq_system_client_ev_port_start(port->addr.client, port->addr.port); |
| 1058 | + snd_seq_port_unlock(port); |
| 1059 | |
| 1060 | return 0; |
| 1061 | } |
| 1062 | diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c |
| 1063 | index fe686ee41c6d..f04714d70bf7 100644 |
| 1064 | --- a/sound/core/seq/seq_ports.c |
| 1065 | +++ b/sound/core/seq/seq_ports.c |
| 1066 | @@ -122,7 +122,9 @@ static void port_subs_info_init(struct snd_seq_port_subs_info *grp) |
| 1067 | } |
| 1068 | |
| 1069 | |
| 1070 | -/* create a port, port number is returned (-1 on failure) */ |
| 1071 | +/* create a port, port number is returned (-1 on failure); |
| 1072 | + * the caller needs to unref the port via snd_seq_port_unlock() appropriately |
| 1073 | + */ |
| 1074 | struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client, |
| 1075 | int port) |
| 1076 | { |
| 1077 | @@ -151,6 +153,7 @@ struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client, |
| 1078 | snd_use_lock_init(&new_port->use_lock); |
| 1079 | port_subs_info_init(&new_port->c_src); |
| 1080 | port_subs_info_init(&new_port->c_dest); |
| 1081 | + snd_use_lock_use(&new_port->use_lock); |
| 1082 | |
| 1083 | num = port >= 0 ? port : 0; |
| 1084 | mutex_lock(&client->ports_mutex); |
| 1085 | @@ -165,9 +168,9 @@ struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client, |
| 1086 | list_add_tail(&new_port->list, &p->list); |
| 1087 | client->num_ports++; |
| 1088 | new_port->addr.port = num; /* store the port number in the port */ |
| 1089 | + sprintf(new_port->name, "port-%d", num); |
| 1090 | write_unlock_irqrestore(&client->ports_lock, flags); |
| 1091 | mutex_unlock(&client->ports_mutex); |
| 1092 | - sprintf(new_port->name, "port-%d", num); |
| 1093 | |
| 1094 | return new_port; |
| 1095 | } |
| 1096 | diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c |
| 1097 | index c82ed3e70506..200764948ed1 100644 |
| 1098 | --- a/sound/core/seq/seq_virmidi.c |
| 1099 | +++ b/sound/core/seq/seq_virmidi.c |
| 1100 | @@ -77,13 +77,17 @@ static void snd_virmidi_init_event(struct snd_virmidi *vmidi, |
| 1101 | * decode input event and put to read buffer of each opened file |
| 1102 | */ |
| 1103 | static int snd_virmidi_dev_receive_event(struct snd_virmidi_dev *rdev, |
| 1104 | - struct snd_seq_event *ev) |
| 1105 | + struct snd_seq_event *ev, |
| 1106 | + bool atomic) |
| 1107 | { |
| 1108 | struct snd_virmidi *vmidi; |
| 1109 | unsigned char msg[4]; |
| 1110 | int len; |
| 1111 | |
| 1112 | - read_lock(&rdev->filelist_lock); |
| 1113 | + if (atomic) |
| 1114 | + read_lock(&rdev->filelist_lock); |
| 1115 | + else |
| 1116 | + down_read(&rdev->filelist_sem); |
| 1117 | list_for_each_entry(vmidi, &rdev->filelist, list) { |
| 1118 | if (!vmidi->trigger) |
| 1119 | continue; |
| 1120 | @@ -97,7 +101,10 @@ static int snd_virmidi_dev_receive_event(struct snd_virmidi_dev *rdev, |
| 1121 | snd_rawmidi_receive(vmidi->substream, msg, len); |
| 1122 | } |
| 1123 | } |
| 1124 | - read_unlock(&rdev->filelist_lock); |
| 1125 | + if (atomic) |
| 1126 | + read_unlock(&rdev->filelist_lock); |
| 1127 | + else |
| 1128 | + up_read(&rdev->filelist_sem); |
| 1129 | |
| 1130 | return 0; |
| 1131 | } |
| 1132 | @@ -115,7 +122,7 @@ int snd_virmidi_receive(struct snd_rawmidi *rmidi, struct snd_seq_event *ev) |
| 1133 | struct snd_virmidi_dev *rdev; |
| 1134 | |
| 1135 | rdev = rmidi->private_data; |
| 1136 | - return snd_virmidi_dev_receive_event(rdev, ev); |
| 1137 | + return snd_virmidi_dev_receive_event(rdev, ev, true); |
| 1138 | } |
| 1139 | #endif /* 0 */ |
| 1140 | |
| 1141 | @@ -130,7 +137,7 @@ static int snd_virmidi_event_input(struct snd_seq_event *ev, int direct, |
| 1142 | rdev = private_data; |
| 1143 | if (!(rdev->flags & SNDRV_VIRMIDI_USE)) |
| 1144 | return 0; /* ignored */ |
| 1145 | - return snd_virmidi_dev_receive_event(rdev, ev); |
| 1146 | + return snd_virmidi_dev_receive_event(rdev, ev, atomic); |
| 1147 | } |
| 1148 | |
| 1149 | /* |
| 1150 | @@ -209,7 +216,6 @@ static int snd_virmidi_input_open(struct snd_rawmidi_substream *substream) |
| 1151 | struct snd_virmidi_dev *rdev = substream->rmidi->private_data; |
| 1152 | struct snd_rawmidi_runtime *runtime = substream->runtime; |
| 1153 | struct snd_virmidi *vmidi; |
| 1154 | - unsigned long flags; |
| 1155 | |
| 1156 | vmidi = kzalloc(sizeof(*vmidi), GFP_KERNEL); |
| 1157 | if (vmidi == NULL) |
| 1158 | @@ -223,9 +229,11 @@ static int snd_virmidi_input_open(struct snd_rawmidi_substream *substream) |
| 1159 | vmidi->client = rdev->client; |
| 1160 | vmidi->port = rdev->port; |
| 1161 | runtime->private_data = vmidi; |
| 1162 | - write_lock_irqsave(&rdev->filelist_lock, flags); |
| 1163 | + down_write(&rdev->filelist_sem); |
| 1164 | + write_lock_irq(&rdev->filelist_lock); |
| 1165 | list_add_tail(&vmidi->list, &rdev->filelist); |
| 1166 | - write_unlock_irqrestore(&rdev->filelist_lock, flags); |
| 1167 | + write_unlock_irq(&rdev->filelist_lock); |
| 1168 | + up_write(&rdev->filelist_sem); |
| 1169 | vmidi->rdev = rdev; |
| 1170 | return 0; |
| 1171 | } |
| 1172 | @@ -264,9 +272,11 @@ static int snd_virmidi_input_close(struct snd_rawmidi_substream *substream) |
| 1173 | struct snd_virmidi_dev *rdev = substream->rmidi->private_data; |
| 1174 | struct snd_virmidi *vmidi = substream->runtime->private_data; |
| 1175 | |
| 1176 | + down_write(&rdev->filelist_sem); |
| 1177 | write_lock_irq(&rdev->filelist_lock); |
| 1178 | list_del(&vmidi->list); |
| 1179 | write_unlock_irq(&rdev->filelist_lock); |
| 1180 | + up_write(&rdev->filelist_sem); |
| 1181 | snd_midi_event_free(vmidi->parser); |
| 1182 | substream->runtime->private_data = NULL; |
| 1183 | kfree(vmidi); |
| 1184 | @@ -520,6 +530,7 @@ int snd_virmidi_new(struct snd_card *card, int device, struct snd_rawmidi **rrmi |
| 1185 | rdev->rmidi = rmidi; |
| 1186 | rdev->device = device; |
| 1187 | rdev->client = -1; |
| 1188 | + init_rwsem(&rdev->filelist_sem); |
| 1189 | rwlock_init(&rdev->filelist_lock); |
| 1190 | INIT_LIST_HEAD(&rdev->filelist); |
| 1191 | rdev->seq_mode = SNDRV_VIRMIDI_SEQ_DISPATCH; |
| 1192 | diff --git a/sound/usb/caiaq/device.c b/sound/usb/caiaq/device.c |
| 1193 | index b871ba407e4e..4458190149d1 100644 |
| 1194 | --- a/sound/usb/caiaq/device.c |
| 1195 | +++ b/sound/usb/caiaq/device.c |
| 1196 | @@ -469,10 +469,12 @@ static int init_card(struct snd_usb_caiaqdev *cdev) |
| 1197 | |
| 1198 | err = snd_usb_caiaq_send_command(cdev, EP1_CMD_GET_DEVICE_INFO, NULL, 0); |
| 1199 | if (err) |
| 1200 | - return err; |
| 1201 | + goto err_kill_urb; |
| 1202 | |
| 1203 | - if (!wait_event_timeout(cdev->ep1_wait_queue, cdev->spec_received, HZ)) |
| 1204 | - return -ENODEV; |
| 1205 | + if (!wait_event_timeout(cdev->ep1_wait_queue, cdev->spec_received, HZ)) { |
| 1206 | + err = -ENODEV; |
| 1207 | + goto err_kill_urb; |
| 1208 | + } |
| 1209 | |
| 1210 | usb_string(usb_dev, usb_dev->descriptor.iManufacturer, |
| 1211 | cdev->vendor_name, CAIAQ_USB_STR_LEN); |
| 1212 | @@ -507,6 +509,10 @@ static int init_card(struct snd_usb_caiaqdev *cdev) |
| 1213 | |
| 1214 | setup_card(cdev); |
| 1215 | return 0; |
| 1216 | + |
| 1217 | + err_kill_urb: |
| 1218 | + usb_kill_urb(&cdev->ep1_in_urb); |
| 1219 | + return err; |
| 1220 | } |
| 1221 | |
| 1222 | static int snd_probe(struct usb_interface *intf, |
| 1223 | diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c |
| 1224 | index ab3c280a23d1..58d624938a9f 100644 |
| 1225 | --- a/sound/usb/line6/driver.c |
| 1226 | +++ b/sound/usb/line6/driver.c |
| 1227 | @@ -775,9 +775,10 @@ int line6_probe(struct usb_interface *interface, |
| 1228 | return 0; |
| 1229 | |
| 1230 | error: |
| 1231 | - if (line6->disconnect) |
| 1232 | - line6->disconnect(line6); |
| 1233 | - snd_card_free(card); |
| 1234 | + /* we can call disconnect callback here because no close-sync is |
| 1235 | + * needed yet at this point |
| 1236 | + */ |
| 1237 | + line6_disconnect(interface); |
| 1238 | return ret; |
| 1239 | } |
| 1240 | EXPORT_SYMBOL_GPL(line6_probe); |
| 1241 | diff --git a/sound/usb/line6/podhd.c b/sound/usb/line6/podhd.c |
| 1242 | index 49cd4a65e390..5ab9e0c89211 100644 |
| 1243 | --- a/sound/usb/line6/podhd.c |
| 1244 | +++ b/sound/usb/line6/podhd.c |
| 1245 | @@ -307,6 +307,9 @@ static int podhd_init(struct usb_line6 *line6, |
| 1246 | |
| 1247 | line6->disconnect = podhd_disconnect; |
| 1248 | |
| 1249 | + init_timer(&pod->startup_timer); |
| 1250 | + INIT_WORK(&pod->startup_work, podhd_startup_workqueue); |
| 1251 | + |
| 1252 | if (pod->line6.properties->capabilities & LINE6_CAP_CONTROL) { |
| 1253 | /* create sysfs entries: */ |
| 1254 | err = snd_card_add_dev_attr(line6->card, &podhd_dev_attr_group); |
| 1255 | @@ -330,8 +333,6 @@ static int podhd_init(struct usb_line6 *line6, |
| 1256 | } |
| 1257 | |
| 1258 | /* init device and delay registering */ |
| 1259 | - init_timer(&pod->startup_timer); |
| 1260 | - INIT_WORK(&pod->startup_work, podhd_startup_workqueue); |
| 1261 | podhd_startup(pod); |
| 1262 | return 0; |
| 1263 | } |
| 1264 | diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c |
| 1265 | index d09c28c1deaf..d82e3c81c258 100644 |
| 1266 | --- a/sound/usb/mixer.c |
| 1267 | +++ b/sound/usb/mixer.c |
| 1268 | @@ -2228,6 +2228,9 @@ static int parse_audio_unit(struct mixer_build *state, int unitid) |
| 1269 | |
| 1270 | static void snd_usb_mixer_free(struct usb_mixer_interface *mixer) |
| 1271 | { |
| 1272 | + /* kill pending URBs */ |
| 1273 | + snd_usb_mixer_disconnect(mixer); |
| 1274 | + |
| 1275 | kfree(mixer->id_elems); |
| 1276 | if (mixer->urb) { |
| 1277 | kfree(mixer->urb->transfer_buffer); |
| 1278 | @@ -2578,8 +2581,13 @@ int snd_usb_create_mixer(struct snd_usb_audio *chip, int ctrlif, |
| 1279 | |
| 1280 | void snd_usb_mixer_disconnect(struct usb_mixer_interface *mixer) |
| 1281 | { |
| 1282 | - usb_kill_urb(mixer->urb); |
| 1283 | - usb_kill_urb(mixer->rc_urb); |
| 1284 | + if (mixer->disconnected) |
| 1285 | + return; |
| 1286 | + if (mixer->urb) |
| 1287 | + usb_kill_urb(mixer->urb); |
| 1288 | + if (mixer->rc_urb) |
| 1289 | + usb_kill_urb(mixer->rc_urb); |
| 1290 | + mixer->disconnected = true; |
| 1291 | } |
| 1292 | |
| 1293 | #ifdef CONFIG_PM |
| 1294 | diff --git a/sound/usb/mixer.h b/sound/usb/mixer.h |
| 1295 | index 2b4b067646ab..545d99b09706 100644 |
| 1296 | --- a/sound/usb/mixer.h |
| 1297 | +++ b/sound/usb/mixer.h |
| 1298 | @@ -22,6 +22,8 @@ struct usb_mixer_interface { |
| 1299 | struct urb *rc_urb; |
| 1300 | struct usb_ctrlrequest *rc_setup_packet; |
| 1301 | u8 rc_buffer[6]; |
| 1302 | + |
| 1303 | + bool disconnected; |
| 1304 | }; |
| 1305 | |
| 1306 | #define MAX_CHANNELS 16 /* max logical channels */ |